Youtube Lottery Email Scam (Mac)

Also Known As: possible malware infections
Type: Mac Virus
Distribution: Low
Damage level: Medium

How to remove "Youtube Lottery Email Scam" from Mac?

What is "Youtube Lottery Email Scam"?

"Youtube Lottery" Email Scam (Mac) is used to trick people into believing that they have won a YouTube lottery. The main goal of this scam is to encourage recipients to send their full names, addresses, mobile telephone numbers, and other information to scammers. Since this is merely a scam and YouTube has nothing to do with it, we recommend that you ignore "Youtube Lottery". Do not send any details whatsoever to these scammers.

Youtube Lottery scam

The email is designed to appear like an official notification from YouTube. Recipients are encouraged to open the attachment ("YOUTUBE PAYMENT 2019.pdf" file) and follow further instructions. The message in the attachment states that the recipient of this email was selected as a major customer - a YouTube users and winner of $970,000,000. It is stated that this lottery is promoted by the International Lottery and Betting Institution. Additionally, recipients are encouraged not to share information about this email with anyone, since this might apparently cause fraudulent claims by unauthorized people. To claim the prize, recipients are encouraged to send their full names, current contact addresses, and mobile numbers to claims@youtube-processing.icu. Once contacted, these scammers might request more details. Their objective is to obtain information and misuse it to generate revenue. To avoid issues with privacy, browsing safety, or even identity theft, do not trust this email.

There are many different scams, many of which are designed to trick people into sending money to scammers. Some examples include "CVE-2019-1663", "Placed a malware on the xxx streaming site", and "This account was recently infected". Additionally, some scams are designed to infect computers. Scammers send emails that contain malicious attachments. If opened, they download and install high-risk malware. Examples of malicious programs proliferated through emails include LokiBot, TrickBot, Emotet, and AZORult. Typically, cyber criminals spread malware that is designed to steal personal details, which could be used to generate revenue. They attempt to trick people into installing programs that steal information such as logins, passwords, information relating to users' browsing habits, and so on. Victims usually experience problems such as data/financial loss, privacy issues, and so on. Do not trust these emails.

Threat Summary:
Name possible malware infections
Threat Type Phishing, Scam, Social Engineering, Fraud
Fake Claim Scammers claim that recipients have won the YouTube lottery and ask them to send personal information
Symptoms Unauthorized online purchases, changed online account passwords, identity theft, illegal access of the user's computer.
Distribution methods Deceptive emails, rogue online pop-up ads, search engine poisoning techniques, misspelled domains.
Damage Loss of sensitive private information, monetary loss, identity theft.
Removal

To eliminate possible malware infections our malware researchers recommend scanning your computer with Combo Cleaner.
▼ Download Combo Cleaner
Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Combo Cleaner.

How did potentially unwanted applications install on my computer?

Spam campaigns (emails) are used to proliferate malicious programs, however, they can only infect systems if the files attached to them are opened. Attachments contained in emails of this type are usually Microsoft Office documents, PDF documents, ZIP, RAR and other archive files, JavaScript files or executables (.exe files). If left unopened, they cannot do any damage.

How to avoid installation of potentially unwanted applications?

There are various ways to proliferate malicious programs. To avoid having them installed unintentionally, be careful with suspicious emails. If an email is received from an unknown, suspicious address, contains an attachment/web link, or is irrelevant, you should ignore it. All software should be downloaded from official websites. Other sources such as P2P (Peer-to-Peer) networks, unofficial pages, third party downloaders and so on, should not be trusted. Installed software must be updated properly, using implemented tools (or functions) provided by official software developers. It is not safe to activate installed programs or operating systems via third party activation tools ('cracks'). These are illegal and are often used to distribute malware (download and install malicious programs). Computers are safer if reputable anti-virus or anti-spyware suites are installed. Also scan systems for viruses regularly. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.

Text presented in the email:

Subject: CONGRATULATIONS! YOUTUBE LOTTERY WINNING NOTIFICATION.

YouTube Official Notification

YouTube - Board Members wishes to congratulate you.
Attached is your prize winning Notification letter for your payment.

Yours sincerely,

Eric Harman
Director YouTube Foundation

© 2019 YouTube LLC, San Bruno, California, United States

Screenshot of the text in the attached file ("YOUTUBE PAYMENT 2019.pdf"):

youtube lotttery email scam attachment

Text in this PDF document:

YouTube, LLC
Website:
www.youtube.com

We wish to congratulate you on this note for being selected as a major customer this year. This promotion was set-up to encourage the active users of YouTube search engine and the YouTube ancillary services and confirmed by our co-sponsors Visa*/MasterCard* International. YouTube earns its profit mainly from advertising and Views, social networking, YouTube video sharing.

We are delighted to inform you of the ONLINE MEGA GRANT 2019 DRAW held on May 2019: Due to mix up of names & numbers the result were released on MAY/19/2019. Your eMail ID attached to ticket number: 809976 with serial number: 9912 drew lucky numbers: 4-18-21-27-32-37 with bonus ball 45 which consequently won in the 3rd category.

Therefore, we present & approved you the winner of the sum of NINE HUNDRED & SEVENTY THOUSAND DOLLARS ($970,000,00USD). Congratulations!!! This online program was designed & promoted by US INTERNATIONAL LOTTERY & BETTING INSTITUTION ACROSS NATION.

To enable us proceed with your claims, this information must be kept away from public to avoid unwarranted abuse of the program or fraudulent claims by unauthorized person(s). We hereby, asked for the reconfirmation of your Full names, Current contact address and Mobile number along with your eMail ID for proper verification.

Contact & Forward the above listed details to your claims agent: Dr. Albert Osborne.

eMail: claims@youtube-processing.icu

YouTube values your right to privacy! Your information M 100% secured and will be used exclusively for the purpose of this grant only.

Congratulations from the Staff & Members of YouTube and YouTube Board. Sincerely,

Susan D. Wojcic1d
Chief Executive Officer of
YouTube.

©2019 YouTube LLC

All fight reserved. This email was sent from a notification email address. The information in this email is confidential and legally privileged. h is for the exclusive use of the intended recipient(s). Please consider the environment.

Instant automatic removal of possible malware infections: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of possible malware infections. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Combo Cleaner.

Quick menu:

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

mac browser hijacker removal from applications folder

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX", "NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove possible malware infections related files and folders:

Finder go to folder command

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

step1Check for adware-generated files in the /Library/LaunchAgents folder:

removing adware from launch agents folder step 1

In the Go to Folder... bar, type: /Library/LaunchAgents

removing adware from launch agents folder step 2
In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.

step2Check for adware generated files in the /Library/Application Support folder:

removing adware from application support folder step 1

In the Go to Folder... bar, type: /Library/Application Support

removing adware from application support folder step 2
In the “Application Support” folder, look for any recently-added suspicious folders. For example, “MplayerX” or “NicePlayer”, and move these folders to the Trash.

step3Check for adware-generated files in the ~/Library/LaunchAgents folder:

removing adware from ~launch agents folder step 1


In the Go to Folder bar, type: ~/Library/LaunchAgents

removing adware from ~launch agents folder step 2

In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.

step4Check for adware-generated files in the /Library/LaunchDaemons folder:

removing adware from launch daemons folder step 1
In the Go to Folder... bar, type: /Library/LaunchDaemons

removing adware from launch daemons folder step 2
In the “LaunchDaemons” folder, look for recently-added suspicious files. For example “com.aoudad.net-preferences.plist”, “com.myppes.net-preferences.plist”, "com.kuklorest.net-preferences.plist”, “com.avickUpd.plist”, etc., and move them to the Trash.

step 5 Scan your Mac with Combo Cleaner:

If you have followed all the steps in the correct order you Mac should be clean of infections. To be sure your system is not infected run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file double click combocleaner.dmg installer, in the opened window drag and drop Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates it's virus definition database and click "Start Combo Scan" button.

scan-with-combo-cleaner-1

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide, otherwise it's recommended to remove any found infections before continuing.

scan-with-combo-cleaner-2

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

possible malware infections removal from Internet browsers:

safari browser iconRemove malicious extensions from Safari:

Remove possible malware infections related Safari extensions:

safari browser preferences

Open Safari browser, from the menu bar, select "Safari" and click "Preferences...".

safari extensions window

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

firefox browser iconRemove malicious plug-ins from Mozilla Firefox:

Remove possible malware infections related Mozilla Firefox add-ons:

accessing mozilla firefox add-ons

Open your Mozilla Firefox browser. At the top right corner of the screen, click the "Open Menu" (three horizontal lines) button. From the opened menu, choose "Add-ons".

removing malicious add-ons from mozilla firefox

Choose the "Extensions" tab and look for any recently-installed suspicious add-ons. When located, click the "Remove" button next to it/them. Note that you can safely uninstall all extensions from your Mozilla Firefox browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

chrome-browser-iconRemove malicious extensions from Google Chrome:

Remove possible malware infections related Google Chrome add-ons:

removing malicious google chrome extensions step 1

Open Google Chrome and click the "Chrome menu" (three horizontal lines) button located in the top-right corner of the browser window. From the drop-down menu, choose "More Tools" and select "Extensions".

removing malicious Google Chrome extensions step 2

In the "Extensions" window, look for any recently-installed suspicious add-ons. When located, click the "Trash" button next to it/them. Note that you can safely uninstall all extensions from your Google Chrome browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

Removal Instructions in other languages
Malware activity

Global virus and spyware activity level today:

Medium threat activity
Medium

Increased attack rate of infections detected within the last 24 hours.

QR Code
possible malware infections QR code
A QR code (Quick Response Code) is a machine-readable code which stores URLs and other information. This code can be read using a camera on a smartphone or a tablet. Scan this QR code to have an easy access removal guide of possible malware infections on your mobile device.
We Recommend:

Get rid of possible malware infections today:

▼ REMOVE IT NOW with Combo Cleaner for Mac

Platform: macOS

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Combo Cleaner.